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Cloud Agent Deployment 


To successfully deploy Qualys Cloud Agent (CA), the target host must have Internet 
access, and a clear path to the Qualys Cloud Platform. Administrative or root access to 
the target host is required to complete an agent installation. 


Agent Activation Key 


Cloud Agent 
CA Stay updated with network security by deploying 
agents on your hosts 


Before you can begin deploying agents, you must first generate an Activation Key in the 
Cloud Agent application. Activation Keys allow you to manage and control the 
distribution of agents throughout your organization. 


Navigate to the following URL to view the “Create Activation Key” tutorial: 


LAB 1 - http://ior.ad/7fyC 


Activation Key Тит help tips: On | Off Ж 


Edit the activation key 


An activation key is used to install agents. This provides a way to group agents and better manage your 
account. By default this key is unlimited - it allows you to add any number of agents at any time. 


Title @ CA Lab Activation Key 
Select | Create 


CALab e Add a "static" tag to label agent 
hosts deployed with this key. 
Provision Key for these applications 


Asset Inventory Patch Management 
Activations managed by Al. 25 Activations Remaining 


14 Activations Remaining 15 Activations Remaining 


Vulnerability Management o Policy Compliance 


Endpoint Detection and Response File Integrity Monitoring 
10 Activations Remaining 10 Activations Remaining 


Secure Config Assessment Application modules selected in the key will be 
15 Activations Remaining activated at the time of agent deployment. 


Unlimited Key ec 


Activation Key configuration options include: 1) Title, 2) Asset Tags assigned to deployed 
agent hosts, 3) Qualys application modules activated for deployed agents and 4) Key 
limitations or restrictions. 


Add a Static Tag 

It's a "best practice" to configure agent Activation Keys with a static Asset Tag. The 
predictable nature of a static tag will make it easy to identify or track agent host 
assets that are deployed with any Activation Key. 


Application Module Support 


Select the Qualys application modules to be activated at the time of agent deployment. 
Any application module not selected, can be activated at a later time. 


Qualys Cloud Agent collects and provides data for multiple Qualys Platform applications, 
including: 


= Asset Inventory (А!) – enabled by default 


= Vulnerability Management (VM) - includes Threat Protection (TP) & Continuous 
Monitoring (CM) 


" Policy Compliance (PC) and/or Security Configuration Assessment (SCA) 
" File Integrity Monitoring (FIM)* 

= Endpoint Detection & Response (EDR)* 

= Patch Management (PM)* 


NOTE: Asset Inventory is enabled, by default. Threat Protection (TP) and Continuous 
Monitoring (CM) are supported via activation of the VM module. 


FIM, EDR, and PM are agent exclusive applications (i.e., they require Cloud Agent). 


You'll find complete details on agent OS and application support in the Cloud Agent 
Getting Started User Guide (https://www.qualys.com/docs/qualys-cloud-agent-getting- 


started-guide.pdf) 


Activation Key Limits 


Create keys that are unlimited or choose the option to set limits. 
Set limits 


You can set limits for more control over your activation keys - maximum number of agents or expiration date. When 
both are set, the key will expire when the first limit is reached. 


Key limited by count 
Tell us the maximum number of agents that can be installed using this key. 


Maximum number: 5000 


Key limited by date 
Allow installation of an unlimited number of agents up until this date. 


Date: | 2/14/2026 га 


If both limits are selected, the key will expire when the first limit is reached. 


Agent Installation Components 


While this lab tutorial highlights the components of a Windows agent installation, the 
basic principles and concepts apply equally to other agent-supported OS installations. 
You'll find specific instructions for Mac OS installations, RPM-based OS installations, and 
Debian/Ubuntu OS installations in Appendix A, B, and C, respectively. 


The installation steps that follow support Windows XP SP3 or greater. Older versions of 
Windows that do not support TLS 1.2 (or greater) will need to connect to the Qualys 
Cloud Platform through a proxy or the Qualys Gateway Service (QGS). 


You must have administrative access to the target Windows host, to successfully 
perform a Cloud Agent installation. 


Navigate to the following URL to view the "Agent Installation Components" tutorial: 


PLAY 4 LAB 2 - http://ior.ad/7fzr 


Cloud Agent v 


Dashboard {Agent Management 


& Agent Management Agents Configuration Profiles 


Status Active + Enabled Yes + 
Activation Key Agents Created 
Z CA Lab Key 0 October 14, 2019 
6fa58e68-9b64-49db-b8f9-a09d91c1094a f Quick actions | 


=> Install Agent Y 


View Key In 
Edit Key 
Delete Key 


Disable Key 


Use the "Quick Actions" menu of an Activation Key to select the "Install Agent" 
option. 


To download an agent installation program and acquire its associated installation 
command, just click the “Install Instructions” button that matches your targeted OS. 


Install Agents 


A few things to know before you install agents 


Give your key a name and add tags to easily find agents installed using this key. We'll associate the tags to the agent hosts. 


Activation 
"Y m mmm = © o 


Installation Requirements 


Windows Microsoft Windows Client 
a (.exe) 300-3204 Microsoft Windows Server 


Red Hat Enterprise Linux 
CentOS 

Fedora es 
OpenSUSE Install instructions 
SUSE Enterprise Linux a 
Amazon Linux 

Oracle Enterprise Linux 


Red Hat Enterprise Linux 


CentOS ‘Install instructions | 
Amazon Linux —— 


Deb sas 
Ubuntis Install instructions 


Teen Install instructions 


Аре пасов Install instructions 


IBM AIX Install instructions 


FreeBSD ‘Install instructions | 


To install Cloud Agent on a Windows host, click the “Install instructions” button for 
W: 
the E= "Windows (.exe)" option. 


See Appendix A, B, and C for Mac OS, RPM, and Debian installation instructions. 


Install Agents 
You are ready to install the agent. 


Current agent version: 4.2.0.8 
Hash-SHA-256 : c29848099fcedce7b571027514c9ecf5e3f4b8a8d79c9833c00b4ea2c9a23b0c 


Deploying in Azure Cloud 


Windows Installation Requirements 


Click here for the list of supported operation system versions. 
To install the agent you must have local administrator privileges on your host. 


Your host must be able to reach the Qualys Cloud Platform or the Qualys Private Cloud Platform over HTTPS port 
443. 


* Do you have a proxy? Learn more 
Steps to Install the Windows Agent 


Download the agent installer (file size 15.4 MB) 
File will be saved to your downloads area, as defined by your local system. 


Copy QualysCloudAgent.exe to the host you want to monitor and run command, or use group policy or a systems 
management tool. Click here to troubleshoot. 


For agent version 4.3 and above, make sure to provide the WebServiceUri parameter in the installation command to 
install or upgrade the agent. 


Press CTRL-C to 
Copy and paste this command for installation: 


QualysCloudAgent.exe CustomerId={4058fe89-8caa-fcb6-8373-c2a56ffaldb9} e 
ActivationId- (dcf48885-316b-4230-b40d-a15c8e32db5a) 
WebServiceUri=https://qagpublic.qg3.apps.qualys.com/CloudAgent/ 


Copy and paste the installation command into a plain text document. 


Click the “Download .exe file” button and save the Cloud Agent installation file 
(.exe). 


The installation command contains your unique Customerld and an Activationld that 
identifies its associated Activation Key. 


When using third-party applications to build custom deployment packages for hundreds 
and thousands of hosts, these two components should be included. 


Command Line Installation 


Although this lab uses a simple ‘command line’ technique to install Cloud Agent, other 
techniques and/or third-party applications can be leveraged to automate your Cloud 
Agent deployments. 


Navigate to the following URL to view the “Command Line Installation” tutorial: 


PLAY 4 LAB 3 - http://ior.ad/7gF7 


Open a “Command Prompt” window on a target Windows host. 


С: \Users\qscan\Desktop>dir 
Volume in drive C has no label. 
Volume Serial Number is 8438-70FF 


Directory of C:\Users\qscan\Desktop 


01/02/2017 02:28 PM <DIR> 


01/02/2017 02:28 PM <DIR> SR 
01/02/2017 02:28 PM 1,928,224 QualysCloudAgent.exe dum 
01/02/2017 02:27 PM 122 windows install.txt 

2 File(s) 1,928,346 bytes 

2 Dir(s) 92,445,974,528 bytes free 


С: \Users\qscan\Desktop>QualysCloudAgent.exe CustomerId={ 


ActivationId={ Ww sé e) «P es pe 


Paste and execute the 
installation command. 


Navigate to the directory that contains the Cloud Agent installation program 
(QualysCloudAgent.exe). 


Use the “dir” command to verify the existence of the installation program file. If you do 
not see file “QualysCloudAgent.exe” navigate to its correct location before executing the 
installation command. 


Copy and paste the Cloud Agent installation command into the “Command Prompt” 
window and press the “Enter” key. The agent installation program will execute with 
your Activation Key and Customer ID. 


Validate СА Installation 


To verify the success of your installation, look for the Cloud Agent process within 
Windows Task Manager. 


#21 Task Manager 

File Options View 

Processes Performance Apphistory Startup Users Details Services 
Ф 56% 48% 


Мате CPU Memory Network 
im) Microsoft Skype 0% 27 MB OMbps a 


[=] Microsoft Store Background Tas... 


é} Microsoft Windows Search Inde... 


= Spooler SubSystem App 


=) Touch Keyboard and Handwriti... 


Fewer details End task 


Open the Windows Task Manager and verify Qualys Cloud Agent is running (Ensure 
you are viewing processes from all users). 


Locate Host ID 


All agent host assets are automatically assigned a Universally Unique ID (UUID) by 
Qualys. For a Windows host, this Host ID can be found in the Windows Registry. 


ВЕ Registry Editor — а х 
File Edit View Favorites Нар 
vy» | HKEY LOCAL MACHINE ^ || Name Type Data 
ü BCDO0000000 ab) (Default) REG_SZ (value not set) 


Ц COMPONENTS ab) ActivationID REG SZ 


HARDWARI e 
0 d а ab) CustomerID REG_SZ 


- F ab|HostlD REG SZ 45EC899F-AC65-4461-A7D9-8FBAF28E8E?21 

{| SECURITY 
м. | SOFTWARE 

|) Classes 

|) Clients 
E] Intel 
| | Macromedia 
LL Microsoft 
{| ODBC 
| | OEM 
| | Partner 


| | Policies 
| | Qualys 
ü RegisteredApplication 


ü VMware, Inc. 
[E WOW6432Node 


< > 
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Qualys 


Open the Windows Registry Editor (i.e., regedit.exe) and navigate to HKLM\SOFTWARE\Qualys. 
The "HostID" registy value contains a universally unique ID (UUID) to track the vulnerability 
findings for its host. 
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View СА Log File (Log.txt) 


You can use the Cloud Agent log file to monitor agent activity. You will find the log file 
for a Windows host in the “ProgramData” (hidden) folder. 


DiE- 

Home Share View [2] 
< "^ Ц « Local Disk (С:) > ProgramData > Qualys > QualysAgent 5 Q A t р 
Мате Date modified Type 

Ж Quick access a 
Manifests 3/24/2017 12:24PM Е 
M Deskto 
p LL SelfPatch 2 
Ÿ Downloads = Archive.bt 3/27/2 1KB 
=| Documents À Changelist.db 27/2017 3:01 РМ 4KB 
=) Pictures У Config.db 3/27/2 N 6 KB 
^ Music :| Default Config.db 3/13/20 6 КВ 
B Videos À Log.trt = 3/27/20 410 KB 
Snapshot.db 3/27/2017 3:01 РМ KB 
di OneDrive 
EM This PC 
Network 
8 items E m 


Use Windows Explorer or a Command Prompt window to navigate to the following 
directory path: C: \ProgramData\Qualys\QualysAgent 


Open file ‘Log.txt’ to view Cloud Agent log file entries. 
NOTE: Windows XP uses a different directory path for its agent log file: 


C:\Documents апа Settings\All Users VApplication Data\Qualys\QualysAgent 


CA Log Analysis & Troubleshooting 


Visit the Qualys Training Video Library for more information and details on agent log 
analysis and troubleshooting: 


"Introduction to Troubleshooting & Log Analysis (https://vimeo.com/412764672) 
Troubleshooting & Log Analysis - Common Errors (https://vimeo.com/412762742) 
Troubleshooting & Log Analysis — Unix/Linux Distribution (https://vimeo.com/418215691) 


Common Errors and Their Solutions — Unix/Linux Distribution (https://vimeo.com/418218290) 
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Cloud Agent Installation Guides 


© Qualys. Community Discussions Blog Training Docs Support 
Q Search documentation qualys.com/documentation/ = 
Sensors 


Cloud Agents 
Online Help 


; ; Р Gett Started Guid 
„ Please refer to the installation guide for ани 


your agent OS, for the most complete and 
up-to-date agent installation and 
configuration steps. 


Windows Installation Guide 
Linux Installation Guide 
Unix Installation Guide 

Mac Installation Guide 
Gateway Service User Guide 
BSD Installation Guide 
Release Notes 

Training 

Cloud Agent (CA) API 


© Qualys. 


12 


Agent Proxy Configuration 


By default Qualys Cloud Agent communicates directly with the Qualys Platform on 
TCP/443. Agents can also be configured to communicate through a proxy server, 
including Qualys Gateway Server (QGS). QGS also provides a patch download cache for 
the Qualys Patch Management (PM) application. 


TLS 1.2+ Requirement 


To successfully communicate with the Qualys Platform, TLS 1.2 (or greater) must be 
enabled on agent hosts. Agent host assets that do not meet this requirement will need 
to communicate to the Qualys Platform through a proxy server capable of converting 
host communications to the required TLS protocol. Use Qualys Gateway Server (QGS) to 
meet this TLS 1.2+ requirement. 


Windows Agent Proxy Configuration 
By default, Windows agents use the same proxy configuration as its host OS. 


The QualysProxy utility for Windows (QualysProxy.exe) can be used to configure proxy 
server(s) and port(s), username and password, Proxy Auto-Configuration (PAC) file URL, 
and Web Proxy Auto-Discovery (WPAD) for agent hosts. 


Windows Agent proxy settings are stored under the Qualys registry key. 


GH Registry Editor x 
File Edit View Favorites Help 
v ШЕ Computer A || Name Type Data 

Г] HKEY_CLASSES ROOT 28) Default) REG. SZ (value not set) 

| | HKEY CURRENT, USER ab) URL REG, SZ http://my-proxy1:8080;http://my-proxy2:8080 


м - | HKEY LOCAL MACHINE 
м -| | SOFTWARE 


v- | Qualys 
О Proxy «= 
Ц QualysAgen 


Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Qualys\Proxy 


Use third-party software management and distribution tools or the Windows Remote 
Registry Service to set the proxy configuration for agents, during or after agent 
installation. 


QualysProxy.exe can be used by third-party systems and software management tools. 
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You'll find QualysProxy.exe т the Program Files\Qualys\QualysAgent” folder of a 
Windows host. It must be executed from an elevated command prompt. 


QualysProxy [/u <proxy url> [/n <proxy username>] [/p <proxy password>] [/a <PAC file url>]] 
QualysProxy [/w on|off] 


QualysProxy [/h on|off] 
QualysProxy [/d] 


Qualys Proxy Options 


Option Description 

/u Proxy URL. Do not use with /a 

/n Username used to access proxy. If set, /u option must 
be set. 

/p Password used to access proxy. If set, /u option must 
be set. 

fa URL path to PAC file for proxy auto-configuration. If 
set, do not set /u option. 

/а Deletes all Qualys cloud agent proxy settings. 

iw Enables or disables agent use of the host's WPAD 
settings. 

/h Enables or disables agent use of the system wide 


winhttp(s) proxy setting. 


QualysProxy Examples 


1. Set proxy and port number. 


QualysProxy /u http://my-proxy:8080 


2. Define multiple proxy servers (for failover). 
QualysProxy /u http://my-proxy-1:8080;http://my-proxy-2:8080 


3. Define multiple ports on the same proxy server for failover 
QualysProxy /u http://my-proxy:8080;http://my-proxy:1080 


This can also be used to configure the Cloud Agent to use the Cache Port first 
and Proxy Port second (as failover) on a single Qualys Gateway Appliance. 


4. Set proxy and credentials 


QualysProxy /u http://my-proxy /n ProxyUsername /p ProxyPassword 


5. Tell agent to use PAC file 
QualysProxy /a http://my-pac-file-server/QualysAgent.pac 


6. Specify credentials for use with PAC file. 


QualysProxy /n ProxyUsername /a ProxyPassword /a http://my- 
pacfile-server/QualysAgent.pac 
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Linux Agent Proxy Configuration 


1. Create file /etc/sysconfig/qualys-cloud-agent (or /etc/default/qualys-cloud- 
agent) if it does not already exist. 


2. Add one of the following lines to the file (one line only): 
e https_proxy=https://[<username>:<password>@]<host>[:<port>] 
e qualys https proxy=https://[<username>:<password>@]<host>[ :<port>] 


Where «username» and «password» are specified if the https proxy uses 
authentication. Where «host» is the proxy server's IPv4 address or FODN. 
Where «port» is the proxy's port number. 


3. Restart qualys-cloud-agent service (e.g., service qualys-cloud-agent restart) 


Temporarily Bypass Proxy 


In the event agents are operating in proxy mode and need to switch to non-proxy mode, 
you can configure agents to use no proxy in /etc/environment. 


Environment variable 'no proxy' is used to bypass proxy. Curl library honors 'no proxy' 
environment variable. If ‘no_proxy’ is set, curl will not use proxy even if a proxy 
environment variable is set. 


To enable Linux agents to use no. proxy for communication with our cloud platform, Edit 
the /etc/environment file and add the following line: 


qualys https proxy-https://[«username»:«password»6]«host»[:«port»] no proxy-«POD domain name> 


Thequalys https proxy environment variable, is used exclusively by Cloud Agent 
(i.e., it will not impact other applications or services). 


Note: For init.d based systems, you need to prefix 'export' to the *qualys https proxy 
line. 
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Cloud Agent Installation Guides 


© Qualys. Community Discussions Blog Training Docs Support 
Q, Search documentation qualys .com/documentation/ <= 
Sensors 


Cloud Agents 
Online Help 
Getting Started Guide 


* Please refer to the installation guide for : | А 
Windows Installation Guide 


your agent OS, for the most complete and 
up-to-date proxy configuration details and 
examples. 


Linux Installation Guide 
Unix Installation Guide 

Mac Installation Guide 
Gateway Service User Guide 
BSD Installation Guide 
Release Notes 

Training 

Cloud Agent (CA) API 


© Qualys. 
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Asset Details & Queries 


It typically takes a few minutes for a new Agent Host to appear under the “Agents” tab. 


@& Agent Management Agents 68 Configuration Profiles 


ED... $ 
Agent Host os Version Last Activity » Configuration AgentModules Tags 
M wintodfw239 [9 № Microsoft Win... 4.2.0.8 Scan Complete Initial Profile Es ЕЗ Cloud Agent 
View Asset Details = 
Add Tags & 


Assign Config Profile 

Deactivate Agent 

Uninstall Agent 

Activate for FIM or IOC or PM or SA 


The “Quick Actions” menu of any host, will allow you to view its asset details. 


Navigate to the following URL to view the “Asset Details & Queries” tutorial: 


LAB 4 - http://ior.ad/7flF 


All agent hosts are listed under the "Agents" tab. You can use the CA "Search" field to 
help you quickly find the agent host you are looking for. 


@ Agent Management Activation Keys | Configuration Profiles 


Saved Searches + 


not lastCheckedIn » now-7d not lastCheckedln > now-7d 


Install New Agent 

О Agent Host os Version Last Activity ~ Last Checked In 

o à WIN7-32BIT ® Microsoft Win... 4.1.0.67 Manifest Downloaded Jan 31, 2021 4:09:15 PM 
10.0.1.227, 2600:8 Jan 31, 2021 4:09:15 PM 

L1 A ес2-54-185-121-19... № Microsoft Win... 4.2.0.8 Manifest Downloaded Jan 27, 2021 9:56:27 PM 
172.16.1.64, fe80 Jan 27, 2021 9:56:27 PM 


For example, you may find it useful to search your asset database for agents that have 
not checked-in for several days. 


Queries you create can be saved for future use and query results can be downloaded 
and imported into spreadsheets and other types of documents. 


17 


If you start typing in the “Search” field, а list of search terms will be displayed that 
contain the characters you type. 


#8 Agent Management Agents Activation Keys Configuration Profiles 


Saved Searches + > 


last < type your search term here > © | Search 


EfXCheckedin 

Syntax Help ( view more ) 
EfXFullScan lastCheckedin 
Even сы ое LL. 


Е} oggedOnUser pe with last check in within certain dates 
system. ЕЕ Вос! lastCheckedIn: [2016-01-01 ... 2016-01-10] pas 
vulnerabilities. Found Show findings with last check in starting 2015-10-01, ending 1 month ago 

lastCheckedIn: [2015-10-01 ... now-1M] 


Show findings with last check in starting 2 weeks ago, ending 1 second ago 


Detail is provided in the right pane, for any search term highlighted in the left pane. 


пд 44. и dA»? (du. 


Tip: Clear the "Search" field and enter any character ("a", "e", "i", "o", "u", ect..) to 
identify search parameters that contain the character you typed. 


Click the ^?" icon in the search field, for help and instruction on creating queries. 


#8 Agent Management | Agents | Activation Keys Configuration Profiles 


Saved Searches + - 


not lastCheckedIn » now-7d = © | Search 


Examples are provided for common searching scenarios. 


All agent hosts are labeled with the “Cloud Agent” tag, making the “tags.name” query 
token very useful, when attempting to “single-out” agent hosts in other Qualys 
applications. 


CyberSecurity Asset Management м НОМЕ DASHBOARD INVENTORY TAGS NETWORK RULES RESPONSES 


Managed Ў Assets Ш 


X tags.name:"Cloud agent" tags.name:”Cloud Agent" 


1 79 TOP HARDWARE CATEGORIES TOP OPERATING SYSTEMS CATEGORIES 


Total Assets i 


Virtualized Unknown Unidentified Computers Windows 


MANUFACTURER Group Assets by … v 

VMware 

ЕТ ASSET CRITICALITY © OPERATING SYSTEM HARDWARE LAST USER 
Google 

Microsoft WIN-HB2C14TBNPP К] E? Microsoft Windows Server 201.. Amazon Web Services Administrator 
Unknown 172.31.0.18,35.176.251.187 Standard6.3 64-Bit Cloud Instance 
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The example above was taken from the Cyber Security Asset Management application. 
When attempting to find agent hosts, search on the “Cloud Agent” Asset Tag (i.e., 
tags.name: “Cloud Agent”). 


Configuration and Tuning 


The Cloud Agent application is your command and control center for deploying and 
managing Cloud Agent. 


Cloud Agent 
CA Stay updated with network security by deploying 
agents on your host: 


Cloud Agent Configuration Profile 


The Cloud Agent Configuration Profile provides options to control the performance and 
behavior of each agent instance. 


Configuration Profile Edit Tum help tips: On| Off ж 


Edit Mode Configure a profile for your agents 


| General info  — ] Customize agent behavior by defining a configuration profile. (") REQUIRED FIELDS 


Blackout Windows Profile Name* 
CA Lab Configuration Profile 
Performance 
C) Make this the default profile for the subscription 


Assign Hosts 


O Suspend data collection for VM, PC, SCA and Inventory for all agents using this profile 


Agent Scan Merge O Prevent auto updating of the agent binaries 
VM Scan Interval Enter a description for this configuration profile. 
PC Scan Interval Description 

Cloud Agent Configuration Profile Lab Tutorial 


SCA Scan Interval 


PM 


Navigate to the following URL to view the "CA Configuration Profile" tutorial: 


PLAY 4 LAB 5 - http://ior.ad/7fAw 


19 


General Info 


Profile Name* 
CA Lab Configuration Profile 


(O Make this the default profile for the subscription 


O Suspend data collection for VM, PC, SCA and Inventory for all agents using this profile 


С) Prevent auto updating of the agent binaries 


The General Information settings establish things like the profile name and description, 
along with some default data collection and update options: 


* Onlyone profile can be designated as the default profile for your subscription. if 
an agent host does not meet the host assignment criteria for any other 
configuration profile, the default will be used. 


= The option to suspend data collection from agents will effectively stop the agent 
from performing VM, PC, SCA and Inventory scans. Although scanning has 
stopped, agents will continue to receive manifest updates, configuration updates 
and agent version updates. 


* Enable the “Prevent auto updating of the agent binaries” option, if you intend to 
use third-party software management and distribution tools (e.g., SCCM, RPM, 
BigFix, Casper, Altiris, etc...) to perform agent upgrades. 


Blackout Windows 


You can add blackout windows to stop communication between the agent and the 
Qualys Cloud platform, at specified times each day of the week. 


Blackout windows 


You can create any number of blackout windows for this configuration. The agent will not operate 
during any of these windows. 


1. Blackout window - Remove window 


Blackout days* Sun : Sat 


Blackout time From Select... 


This can be especially useful when coordinating the communication flows for different 
groups of agents, or simply use this option to stop agent communications during 
expected times of peak network traffic. 
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Agent Performance Settings 


To control the amount of system or network resources used by each agent, you can use 
the preset performance settings of (LOW, NORMAL, or HIGH). 


Configuration Profile Creation Tum help tips: On | Off X 


Step 3 of 8 Configure Agent Performance 


1 General Info «w^ These settings govern how an agent behaves, from how often it checks into the Qualys Cloud 
platform, to how often it checks the host for changes. It also includes performance settings that 


control CPU and network utilization. 
2 Blackout Windows — 


© pum Performance 
Select one of the performance levels below. Keep the default & 


settings or customize them. 


Low NORMAL HIGH 
ш 


Or use the "Customize" option for more granular control. 


Network Performance 


Moving down through the “Performance” options, the “Delta Upload Interval” and 
“Chunk sizes for file fragment uploads” settings work together to control how VM and 
PC data is transmitted to the Qualys Cloud Platform (FIM and EDR settings are specified 
in a separate place). 


Delta Upload Interval* 
Interval an agent attempts to upload detected changes 


Chunk sizes for file fragment uploads* 4096 KB(64 - 10240) 


This is the upload block size, and combined with the above Network throttle Tx, 
determines network utilization 


Chunk sizes for file fragment uploads - Specifies the maximum payload size for data 
transmissions. If the total amount of transmission data exceeds this value, it will be 
broken up (or fragmented) into appropriate chunks; not to exceed this value. 


Example: if “Chunk sizes for file fragment uploads” is set to 1024KB, a 4MB data 
transmission will be broken up into four separate chunks, each 1024KB in size. 


Delta Upload Interval - Specifies the amount of time (or delay) between separate 
transmissions of “chunks” of data. 


These two setting will have the greatest impact on network performance during times 
of agent scan data transmissions (specified in the Scan Interval settings). 
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CPU Performance 


It’s the CPU performance settings that determine how long it will take an agent to 
complete the task of collecting inventory and scan data from its agent host. 


The more CPU resources you provide to an agent, the sooner it will complete its tasks. 
Separate CPU performance settings are provided for Windows and Linux/MacOS agents. 


WINDOWS SPECIFIC PARAMETERS (ve 


CPU Limit* %(2 - 100) 
Defines the percentage limit of the processor core(s) used by the agent. Lower 
percentages reduces CPU utilization at the expense of longer execution times. 


LINUX/MAC SPECIFIC PARAMETERS (\ 


CPU Throttle* ms(0 - 1000) 


The higher this value, the lower CPU utilization but longer agent takes to perform 
actions on it's host 


CPU Limit - The CPU configuration setting for a windows agent is called the "CPU Limit" 
and is expressed as a percentage of CPU usage. 


Higher percentages will provide greater CPU resources to a Windows agent, allowing it 
to complete its data collection tasks in less time. Lower percentages will reduce agent 
performance, and more time will be required for the agent to complete its tasks. 


Note: The Windows agent is single-threaded, and only executes on one core of the CPU. 
Because of this single-threaded behavior, a windows agent configured with a 100% 
value, will use the equivalent of 25% overall CPU usage on a four-core system. 


CPU Throttle - The CPU configuration for a Linux or Mac host is called CPU Throttle and 
is expressed in milliseconds; which represents the delay between metadata collection 
commands executed by the agent. 


Lower CPU Throttle settings improve agent performance, by minimizing the delay 
between agent tasks. Higher values for CPU throttle, will slow agent performance. 
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Assign Hosts 


In the first lab tutorial, the “CA Lab” tag was added to the CA Lab Activation Key. This 
ensures all agents created with the CA Lab Activation Key, will receive the “CA Lab” tag. 
The “CA Lab” tag can now be used to assign your agent host to the correct Configuration 
Profile. 


Configuration Profile Creation Тит help tips: On | Off Ж 
Step 4 of 9 Assign hosts to this profile 
1 General Info By Asset Tag 


Cloud Agent hosts that have a corresponding tag will get this profile. Each Cloud Agent host can 
Blackout Wind 
2 сни d have only 1 profile assigned. When multiple profiles match a host, we'll assign the profile based 


оп the order in the profiles list. 
3 Performance 


v 

Include hosts that have Апу v ofthe tags below. => Select | Create 

о Assign Hosts 
CALab <= 


Exclude hosts that have Апу x ofthe tags below. Select | Create 


5 VM Scan Interval 


PC Scan Interval 
(no tags selected) 


By Name 


We'll always use this profile for the Cloud Agent hosts you choose below. 
Agents hosts Select items... >| v *k Select 


Cancel Previous | Continue | 


Hosts with the “CA Lab” tag will be assigned to this Configuration Profile, automatically. 


Agent Scan Merge 


The Agent Correlation Identifier is used to link SCAN data and AGENT data together. 
When Agent Scan Merge is enabled in a Configuration Profile, the Agent Correlation 
Identifier is exposed on TCP ports 10001-10005. 


Configuration Profile Edit Тит help tips: On | Off Ж 

Edit Mode Configure Agent Scan Merge 
General Info Enable Agent Scan Merge for this 

one €D 
Blackout Windows 

Ports* 10001,10002,1000 

3,10004,10005 

Performance 
Assign Hosts 

Bind All 
Agent Scan Merge 

On Premise Detection 
VM Scan Interval IP Address(In Range) 0.0.0.0 10 
PC Scan Interval Gateway ҮТҮ) 
SCA Scan Interval 

Subnet Mask 0.0.0.0 
FIM 

DNS Suffix Regex E.g ^(.*\.)?ехатре.сот$ 
EDR 

Note: To enable this feature, please provide values to at least one of the on premise detection 
PM parameters. If you would like the merging feature to always be enabled on all Agents with this 


configuration profile, use ipAddress inRange value of 0.0.0.0/0. 


Cancel ec 


By default the lowest available port number will be used. Use the “Bind All” option to 
bind on all five ports simultaneously. Configure "On Premise Detection" to expose the 
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Agent Correlation Identifier only on a trusted network. An IP address range configured 
to: 0.0.0.0/0 enables this feature for all agent hosts. 


The 'agentid-service' can be viewed from Windows Task Manager. 


#9 Task Manager - о x 
File Options View 


| Processes Performance Users Details Services 


1% 32% 
Name CPU Memory 
^ 
Apps (2) 
#2 Task Manager 0% 8.2 MB 
Windows Command Processor 0% 0.5MB 
Background processes (20) 
| ET Antimalware service Executable 0% 100.2 MB 
| t Apache Commons Daemon Ser... 0% 1.0 MB 
[E] Application Frame Host 0% 4.1 MB 
T Google Crash Handler 0% 04 MB 
T Google Crash Handler (32 bit) 0% 04 МВ 
Га) Host Process for Windows Tasks 0% 2.3 МВ 
[E] Host Process for Windows Tasks 0% 2.6 МВ 
В Java Update Checker (32 bit) 0% 2.6 МВ 
Java Update Scheduler (32 bit) 0% 2.6 MB v 


Fewer details 


The 'agentid-service' can also be viewed within a Unix/Linux process list. 


Execute the 'netstat' command (below) to view the agentid-service's assigned port 
number(s). 


EEE Administrator: Command Prompt 


:\Users\Administrator>netstat -p tcp -ano 
Active Connections 


п Address State 
.0.0:0 LISTENING 

.0:0 LISTENING 

e:e LISTENING 


LISTENING 
LISTENING 
LISTENING 
LISTENING 
LISTENING 
LISTENING 
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Once {Пе Agent Correlation Identifier is accepted, within the “Asset Tracking and Data 
Merging Setup” options (in Qualys VM or VMDR), Qualys Scanners will attempt to read 
the Agent Correlation Identifier from agent hosts. 


Asset Tracking and Data Merging Setup x 


agent installed on Windows and/or Unix hosts, to correlate the scan 
results of cloud agents or IP scans (authenticated/unauthenticated). 

Asset Tracking & Data Merging The data merging option will allow you to decide how the data 
merging should happen for these scan results that uses agent 
correlation identifier. Note: For this feature to work, please make 
sure that Agent installed on Windows hosts has version 4.2 or later 
and Agent installed on linux hosts has version 3.1.0 or later. Please 
also enable ‘Asset Scan Merge' option in configuration profile(s) 
through Cloud Agent > Agent management page. 


О Accept Agent Correlation Identifier 
You agree to use agent correlation identifier. 


Decline Agent Correlation Identifier 
You do not agree to use agent correlation identifier. 


When Qualys Scanner Appliances scan agent hosts (that have the Agent Correlation 
Identifier enabled), they return ОШО 48143 — Qualys Correlation ID Detected. 


vE 1 Qualys Correlation ID Detected 


First Detected: 02/03/2021 at 03:49:59 PM (GMT+0000) Last Detected: 02/03/2021 at 07:1 


QID: 48143 

Category: Information gathering 
CVE ID: - 

Vendor Reference 

Bugtraq ID: - 

Service Modified: 12/15/2020 

User Modified: 


Edited: No 
PCI Vuln: No 


THREAT: 

Qualys correlation ID is a unique value - a binary array of a specific size, which will be used to merge age! 
QID Detection Logic:(Unauthenticated) 

This QID sends GET request to /correlation-id to retrieve correlation id. 


RESULTS: 
Qualys Correlation ID= eadacef1411841c92b823fd14ef460576f185980e5b3cf6d824df60c20028cfe 


AGENT data and SCAN data can be successfully merged using the Agent Correlation 
Identifier attribute. 
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VM, PC, and SCA Scan Intervals 


The VM, PC, and SCA Scan Interval setting determine how often Cloud Agent collects 
vulnerability and compliance assessment data. Configured at its minimal value, data 
collections will occur every four hours. 


Configure Scan Interval for Vulnerability Management 


Configure the interval at which the agent collects data for Vulnerability Management for the 


assets associated with this profile. 
Every 4 hours. 
Data Collection Interval* 240 min (240 - 43200) 


The time lapse between the completion of the previous scan and the start of the 
next scan 


Scan On-Demand 


Manually perform VM, PC, SCA, UDC, and inventory scans on Windows and Linux agent 
hosts. You can run an on-demand scan as long as the agent is not already scanning. The 
On Demand Scan runs independently of the interval scan that you configure in the 
Configuration Profile and will reset the scan interval on the local agent after a successful 
scan. 


Windows On-Demand Scan 


On-demand scans for Windows are configured in the Windows System Registry. 


File Edit View Favorites Help 
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Qualys\QualysAgent\ScanOnDemand\Vulnerability 
v БИ Computer Name Type Data 
{ 1 HKEY. CLASSES ROOT туар him i 
|. HKEY_CURRENT USER —— aia - (value not set) 
> ü НКЕУ LOCAL MACHINE $$ ScanOnDemand REG DWORD 0x00000001 (1) 
v ü SOFTWARE BB ScanOnStartup REG DWORD 0x00000001 (1) 
м | Qualys 
м 1 QualysAgent 
м | ScanOnDemand 
|. Vulnerability 
« > 


Create separate subkeys (i.e., Inventory, Vulnerability, PolicyCompliance, UDC, or SCA) 
for the type of on-demand scan to be performed and then set the “ScanOnDemand” 
registry value to ‘1’ to activate an on-demand scan. 
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НКЕУ LOCAL MACHINE 
SOFTWARE 


Qualys 
Value Type Data Description QualysAgent 
+ 
CpuLimit REG,DWORD |2- 100 Sets the CPU Limit (%) for the ScanOnDemand 
(decimal) execution 
Key is not required CpuLimit 
Default value is 100 if no value E Е 
* з ЅсапОпретапа 
exists ог the data is not valid 
ScanOnStartup 
ScanOnDemand REG_DWORD completed Setting a data value of *1" will 
(decimal) execute now initiate the on demand scan. Could mit 
" ; CcpuLimit 
in progress The data value will change to ^P 
"2" when the scan is in ScanOnDemand 
progress ScanOnStartup 
The data value will change to 
у : Cm t = : 
0" when the scan is complete CpuLimit 
ScanOnStartup REG_DWORD |1 А data value of "1" will ScanOnDemand 
(decimal) configure the agent to execute ScanOnStartup 
the scan when the agent upc 
service starts up. nn T4 má 
F > Cpr mit 
After a completed scan, the pum. 
scan interval for this manifest ScanOnDemand 
is reset ScanOnStartup 
No execution if there is no SCA 
value or the data is not valid CpuLimit 
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ScanOnDemand 


ScanOnStartup 


Alternatively, use the "ScanOnStartup" registry value to launch a scan at the very next 
system startup. ScanOnStartup can be very useful for validating vulnerability patches 
that require a reboot; just set the ScanOnStartup value to '1' and then deploy your 
patches. The "CpuLimit" registry value is not required and has a default value of 100. 


Linux On-Demand Scan 


On-demand scans for Linux are executed from the command line. Use the 
cloudagentctl.sh script to run the on-demand scan. You'll find this script at 
/usr/local/qualys/cloud-agent/bin/. 


># ./cloudagentctl.sh action={demand} type={vm|pc|inv|sca|udc} cputhrottle-(0-1000) 
= The action and type parameters are mandatory. 
" The value for the "action" parameter is “demand” for an “on-demand” scan. 


= The value for the "type" parameter is the targeted application module. 
" The default value for the "cputhrottle" parameter is O. 


Example: 


># ./cloudagentctl.sh action={demand} type=vm 


FIM and EDR 


FM and EDR use and event-driven data collection model, where events are captured and 
logged as they occur. Logged events are transferred to the Qualys Platform at frequent 
intervals (i.e., Payload Threshold Time (30 — 1800 seconds). 
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РМ 


Patch assessment scans (configured т the PM application) are performed every 4 hours 
to every 30 days. 


Configuration Profile Precedence 


You can use your mouse to grab and drag any profile to a new position in the list. 


| New Profile | Drag profiles to change the order in which they will be applied 


Order + Profile Name 


CA Lab High Performance 


Initial Profile (Default) 


If a deployed agent host is assigned to more than one profile, the matching profile 
closest to the top of the list will take precedence. 


Download Manifest 


A “manifest” identifies the tasks to be performed and data to be collected by the agent. 
Qualys Application Modules have their own separate manifests. 


Inventory Collects asset inventory such as hardware, Daily Intervals 
software, active services, etc... 


Vulnerability Collects data defined by QIDs in the Qualys User-Defined Intervals (240 - 
Vulnerability KnowledgeBase. 43200 min.) 

PolicyCompliance Collects System Defined Control (SDC) datapoints User-Defined Intervals (240 - 
defined in the PC Control Library. 43200 min.) 

UDC Collects User Defined Control (UDC) datapoints Four-hour intervals 
defined in the PC Control Library. 

SCA Collects compliance datapoints defined in CIS User-Defined Intervals (240 - 
Policy Controls. 43200 min.) 

AutoDiscovery Automatically discovers host middleware Four-hour intervals 
technologies. 

MiddlewarePC Collects compliance datapoints for host Four-hour intervals 
middleware assessments. 

FIM Collects events for targeted file and directory Event-Driven (Payload 
changes and modifications. threshold time 30 - 1800 sec.) 

EDR Collects events for targeted processes, process Event-Driven (Payload 
mutex, registry keys, and suspect file locations. threshold time 30 - 1800 sec.) 


When a new application module is activated for an agent host, the agent receives a new 
manifest and data collection begins. Data collection also begins after an agent receives 
an updated manifest. 
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Activate, Deactivate & Uninstall Agents 


Using the “Quick Actions” menu of any agent, you can activate or deactivate modules, 
and uninstall agents according to the licenses within your Qualys subscription. 


æ Agent Management Activation Keys Configuration Profiles 


Saved Searches ~ 


Search... 


e Search 


Install New Agent | | Activation Jobs 


О Agent Host os Status/Last Checked-in + Agent Modules 
L1 WIN10E С == Microsoft Windows 10... Inventory Scan Complete 
92.168.1.243 pe 3 hours ago 


View Asset Details 


Activate Agent 
Deactivate Agent 
Uninstall Agent 


Navigate to the following URL to view the "Deactivate and Uninstall" tutorial 


LAB 6 - http://ior.ad/7fPY 


Activate & Deactivate Application Modules 


To deactivate an Agent Module, select "Deactivate Agent" from the "Quick Actions" 
menu. Then turn-off the targeted module, before clicking the "Deactivate" button. 


Deactivate Agent 


Deactivate this cloud agent for the modules selected below. 


Revoke license(s) for the agent. The agent will collect only host inventory data and assessments in the 
cloud will not occur. 


Vulnerability Management 
Activated. Your agent(s) are activated for VM. 


9 available of 10 total licenses 


Policy Compliance 
1 agent(s) will be deactivated for PC and marked available. 


9 available of 10 total licenses 
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A deactivated module can also be re-activated by using the “Activate Agent” option 
from the “Quick Actions” menu. 


An effective technique for activating or deactivating application modules in bulk, is 
provided within agent Activation Keys. 


Activation Key Turn help tips: On | Off х 


Edit the activation key 


An activation key is used to install agents. This provides a way to group agents and better manage your 
account. By default this key is unlimited - it allows you to add any number of agents at any time. 


Title AWS Activation Key 


Select | Create 


Provision Key for these applications 


Asset Inventory Patch Management 
Activations managed by Al 197 Activations Remaining 


Vulnerability Management Policy Compliance 
97 Activations Remaining 97 Activations Remaining 


Endpoint Detection and Response File Integrity Monitoring 
97 Activations Remaining = 97 Activations Remaining 


Secure Config Assessment 
100 Activations Remaining 


О Set limits 


Apply changes to all the existing agents <= 
Close Unlimited Key | Save | 


Open an Activation Key and check the modules to be activated or uncheck the modules 
to be deactivated. Select the "Apply changes to all the existing agents" option and save. 


All existing agents (deployed with the modified key) will be updated at their very next 
Agent Status Interval. 
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Uninstall Agents 


Selecting the “Uninstall Agent” option from the “Quick Actions” menu of any agent, will 
remove the agent from its host the very next time it checks-in. 


Uninstall Agent 


A Uninstall Agent? 


This step will remove the agent and revoke license(s) for all applications.Please note that any VM or PC 
data for this agent will not be removed. You will need to also purge that asset from the respective module 
to clear the related data. 


Uninstall agents in bulk using the CA Application Program Interface (API) or create Agent 
Purge Rules within the Qualys AssetView application. 


Purge Rule Creation Tum help tips: On | Off Launch help Ж 


Step 2 of 4 Rule Definition 


1 Rule Details Add criteria to permanently remove cloud based assets (*) REQUIRED FIELDS 


All matching assets will be purged 
o9 Rule Definition у 
ONLY IF 


3 Purge Limits Cloud Agent Based Filter «ы 


Review And Confirm 
Assets match all of the following conditions for 


иы Select Operator.. рм; 

/ lastActivity “OLDER THAN 

" lastCheckedIn IN LAST 

' activatedForModule 

agentActivationKey 

agentVersion Purge agent hosts that match 


configurationProfile one or more conditions. 


Previous ] СЭ 


Purge Rules run daily. А! assets matching your rule will be purged: 


= Assets and associated asset data will be removed from your account. 


= Agents will be uninstalled and licenses will be freed-up. 
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Cloud Agent Certification Exam 


Participants in this Cloud Agent training course have the option to take the Cloud Agent 
Certification Exam. This exam is provided through our Learning Management System 
(qualys.com/learning). To take the exam, candidates will need a “learner” account. 


@ Qualys. Training & Certification 
qualys.com/learning 


Please log in to the Qualys training site. First time users 
need to create an account. 
*Required Field 


*Username: 


* Password: 


Forgot your password? Request a new account. = 


If you would like to take the exam, but do not already have а “learner” account, click the 
“Request a new account” link (above), from the “Qualys Training & Certification” login 
page (qualys.com/learning). 


Once you have created a “learner” account (and for those who already have ап 
account), click the following link to access the “Cloud Agent- QSC 2021” course page: 


https://gm1.geolearning.com/geonext/qualys/scheduledclassdetails4enroll.geo?&id=22 
511237821 
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© Qualys. Training & Certification 


Му Ноте Learner Information» 


Course Catalog: Class Details 
Course: Qualys Cloud Agent - QSC 2021 


To see how a class below fits into your schedule, click View My Class Schedule. 


CLASS DETAILS: CLOUD AGENT - QSC 2021 
Course Name: Qualys Cloud Agent - QSC 2021 
Class Name: Cloud Agent - QSC 2021 
Class Code: 2250729076520210917125250 
Contact Name: Vibhu Gupta 
Private Class: Yes 
Maximum Class Capacity: 5000 
Class Cost: $0.00 


Session Name 4. Location Classroom Address 1 Address 2 City State Postal Code Times Instructor(s) 


Session 1 N/A N/A N/A МА МА МА МА Tuesday, November 16, 2021 9:00 АМ to 1:00 РМ (America/Los_Angeles) (UTC -07:00) Vibhu Gupta 


Back to Class List 


SumTotal 
21.20.0021 


From the "Cloud Agent- QSC 2021" course page, click the “Enroll” button (lower-right 
corner). 


After successfully completing the course enrollment, click the "Launch" button, for the 
Qualys Cloud Agent Exam. 


Qualys Cloud Agent - QSC 2021 


Progress: Not Attempted Status: Enrolled Required: No Duration: 4hours 
Notice: Enrollment Successful 
You have been successfully enrolled in the class. 


— Activities 


Class Sessions 


Class Name Date Location Classroom Instructor(s) 


Cloud Agent - QSC 2021 Tuesday, November 16, 2021 9:00 AM to 1:00 PM (America/Los Angeles) (UTC -07:00) N/A N/A Vibhu Gupta 


To access a learning activity, select the activity name and click Launch or Open. 


Activity Name 4 Type Progress Last Accessed Time Taken Attempts Action 


Cloud Agent Lab Tutorial Supplement pdf N/A 9/17/2021 12:11:17 PM N/A 


Cloud Agent Slides for QSC 2021 Epaf 


Qualys Cloud Agent Exam 2.0 Actual Test Not Attempted 


Each candidate is provided five attempts to pass the exam. 
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© Qualys. Training & Certification 


MyHome~ Learner Information ~ 5- 


e 


Qualys Cloud Agent - QSC 2021 


Progress: Completed Status: Enrolled Вед! 


E Print Certificate 


— Activities 


Class Sessions 


Class Name Date Location Classroom Instructor(s) 


Cloud Agent - QSC 2021 Tuesday, November 16, 2021 9:00 AM to 1:00 PM (America/Los Angeles) (UTC -07:00) N/A N/A Vibhu Gupta 


To access a learning activity, select the activity name and click Launch or Open. 


With a passing score of 7596 (or greater), click the "Print Certificate" button to download 
and print your course exam certificate. 


Cloud Agent Course Survey 


Please lets us know what you think about the "VMDR Overview" training course. Link to 
Survey - https://forms.office.com/r/rsyOAja6Xz 
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Appendix A: Mac OS Agent Installation 


The installation steps that follow support Mac OS 10.12 or higher. 


You must have root or root-equivalent access to the target Mac host, to successfully 
perform the Cloud Agent installation steps that follow. 


"m 


1. From the Cloud Agent (CA) application, navigate to the “Agent Management 
section, and click the “Activation Keys” tab. 


2. Use the “Quick Actions” menu of your activation key to select the “Install 
Agent” option. 


, 


3. Click the "Install instructions" button next to the e “Mac (.pkg)” option. 


Install Agents 


You are ready to install the agent. 


Current agent version: 1.6.1.26 
Hash-SHA-256 : 00395e343a31dd2bdf4074040b571cf3e1b77342019c22a3d6ac587e1a860292 


Mac (.pkg) Installation Requirements 


• Click here for the list of supported operation system versions. 


* Your host must be able to reach the Qualys Cloud Platform or the Qualys Private Cloud 
Platform over HTTPS port 443. 


• To install the agent you must have 1) root privileges, 2) non-root with Sudo root delegation, or 
3) non-root with sufficient privileges (VM only). 


* Do you have a proxy? Learn more 
Steps to Install the Mac Agent 


Download the agent installer (file size 3.5 MB) 
File will be saved to your downloads area, as defined by your local system. 


Copy qualys-cloud-agent.x86 64.pkg to the host you want to monitor and run commands. 
Click here to troubleshoot. 
Press Cmnd * C to 


Copy and paste this command for installation (sudo access required): 


sudo installer -pkg ./qualys-cloud-agent.x86_64.pkg -target / 

sudo bash -c " if [[ -f /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh 
1; then /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh 
ActivationId-i Nm at a Ha 


Close Download .pkg 


4. Copy and paste the installation command into a plain text document. 


5. Click the "Download .pkg" button and save the Cloud Agent installation file 
(-pkg). 
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Command Line Installation 


Although this lab uses a simple ‘command line’ technique to install Cloud Agent, other 
techniques and/or third-party applications can be leveraged to automate your Cloud 
Agent deployment. 


The Mac Agent installation file (.pkg) must be installed from a "Terminal" window. Do 
NOT attempt to install this file using the Mac graphical user interface (GUI). 


1. Opena "Terminal" window on the target Mac host. 


2. Navigate to the directory that contains the Cloud Agent installation file (.pkg). 


Air:desktop$ 15 -la 
total 8352 

256 Aug 6 15:21. 
drwxr-xr-x+ 34 1088 May 10 14:32 .. 


-rw-r--r--( t 487 Aug 6 15:11]mac install.txt 
-rw-r--r--Q 1 3241714 Aug 6 15:12jqualys-cloud-agent. x86, 64.pkg 


3. Use the “Is” command to verify the existence of the installation package. 


If you do not see file "qualys-cloud-agent x86 64.pkg" navigate to its correct 
location before executing the installation command. 


4. Copyand paste the installation command into the "Terminal" window and 
press the "Enter" key. 


This first part of the command unpacks and installs the Cloud Agent package. 


This second part of the command runs a shell script that that restarts the Cloud 
Agent service and activates your license key. 


Validate CA Installation 


To verify the success of your "command line" installation, look for the Cloud Agent 
process. 


5. Use the "ps" command, to verify ‘qualys-cloud-agent’ is running. 


ps -e | grep qualys 


macBook:desktop$ ps -e | grep qualys 
1237 ?? p Applications/QualysCloudAgent.app/Contents/Mac05S/ 


1259 11у5000 0 grep qualys 


Locate Host ID 


All agent host assets are automatically assigned a Qualys Host ID (UUID). For a Mac 
host, this Host ID can be found at /etc/qualys/hostid. 


6. From a Terminal window, execute the following command: 


sudo cat /etc/qualys/hostid 
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ТЕ the HostID is not displayed, your newly installed 
agent may still be completing some preliminary tasks 
within its manifest. 


Locate CA Log File (qualys-cloud-agent.log) 


You can use the Cloud Agent log file to monitor agent activity. You will find the log file 
for a Mac host in the /var/log/qualys directory. 


7. From a Terminal window, execute the following command: 


sudo cat /var/log/qualys/qualys-cloud-agent.log 


CA Log Analysis & Troubleshooting 
Visit the Qualys Training Video Library for more information and details on agent log 
analysis and troubleshooting: 

=  |ntroduction to Troubleshooting & Log Analysis (https://vimeo.com/412764672) 


= Troubleshooting & Log Analysis - Common Errors (https://vimeo.com/412762742) 
= Troubleshooting & Log Analysis — Unix/Linux Distribution (https://vimeo.com/418215691) 


= Соттоп Errors and Their Solutions — Unix/Linux Distribution (https://vimeo.com/418218290) 
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Appendix В: RPM-Based Agent Installation 


RPM-based Linux operating systems include: Red Hat Enterprise Linux, CentOS, Fedora, 
OpenSuSE, SuSE, Amazon Linux, and Oracle Enterprise Linux. 


You must have root or root-equivalent access to the target host, to successfully perform 
the Cloud Agent installation steps that follow. 


1. From the Cloud Agent (CA) application, navigate to the “Agent Management” 
section, and click the “Activation Keys” tab. 


2. Use the “Quick Actions” menu of your activation key to select the “Install 
Agent” option. 


3. Click the “Install instructions” button next to the & “Linux (.грт)” option. 


Install Agents 


You are ready to install the agent. 


Current agent version: 2.0.2.79 
Hash-SHA-256 : 89001da9caed3736e157df99e58a62ad20212cc5db51a4c1822898b53d6f7f8a 


Deploying in Azure Cloud 


Linux (.rpm) Installation Requirements 


* Click here for the list of supported operation system versions. 


* Your host must be able to reach the Qualys Cloud Platform or the Qualys Private Cloud 
Platform over HTTPS port 443. 


* To install the agent you must have 1) root privileges, 2) non-root with Sudo root delegation, 
or 3) non-root with sufficient privileges (VM only). 


• Do you have a proxy? Learn more 
Steps to Install the Linux Agent 
Download the agent installer (file size 3.5 MB) 
File will be saved to your downloads area, as defined by your local system. 


Copy qualys-cloud-agent-2.0.2.79.rpm to the host you want to monitor and run commands. 
Click here to troubleshoot. 
Press CTRL-C to 


Copy and paste this command for installation (sudo access required): - 


sudo rpm -ivh qualys-cloud-agent-2.0.2.79.rpm 
sudo /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh 
= ER E -r - 


ActivationId 
Сизботе = 9 «wee pem o diet m mlt 


cise ce) ET 


4. Copy and paste the installation command into a plain text document. 


5. Click the “Download. rpm file” button and save the Cloud Agent installation 
file. 
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Command Line Installation 


Although this lab uses a simple ‘command line’ technique to install Cloud Agent, other 
techniques and/or third-party applications can be leveraged to automate your Cloud 
Agent deployment. 


1. Opena “Terminal” window on the target Unix host. 


2. Navigate to the directory that contains the Cloud Agent installation file (.rpm). 


[qscan@centos7 Desktop]$ ls -la 


qscan qscan Jan 2 19:03 . 

qscan qscan Зап 2 18:50 .. 

qscan qscan Nov 7 2Q15 Old Firefox Data 

qscan qscan 3195390 Jan qualys-cloud-agent.x86 64.rpm 
qscan qscan 204 Jan 2 18:40 unix install.txt 


qscan@centos7 Desktop]$ sudo rpm, -ivh qualys-cloud-agent.x86 64.грп 


Paste and execute 
the first command. 


3. Use the "Is" command to verify the existence of the installation file. 


If you do not see file "qualys-cloud-agent x86 64.rpm" navigate to its correct 
location before executing the installation command. 


4. Copyand paste the installation command into the "Terminal" window and 
press the "Enter" key. 


The first part of the command unpacks and installs the Cloud Agent package. 


The second part of the command runs a shell script that that restarts the Cloud 
Agent service and activates your license key. 


Validate CA Installation 


To verify the success of your "command line" installation, look for the Cloud Agent 
process. 


6972 tty7 00:00:00 Xorg 
6984 ? 


6985 ? Type "ps -e" from the command line. 
6987 ? 


6988 pts/1 00:00:00 bash 
8404 pts/2 00:00:00 qualys-cloud-ag (fm 
8420 pts/1 00:00:00 ps 

00:00:14 java 

00:00:00 httpd 


5. Use the "ps" command, to verify ‘qualys-cloud-ag’ is running. 


ps -e | grep qualys 
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Locate Host ID 


All agent host assets are automatically assigned a Universally Unique ID (UUID) by 
Qualys. For a Unix host, this Host ID can be found at /etc/qualys/hostid. 


6. From a Terminal window, execute the following command: 
sudo cat /etc/qualys/hostid 


If the HostID is not displayed, your newly installed 
agent may still be completing some preliminary tasks 
within its manifest. 


Locate CA Log File (qualys-cloud-agent.log) 


You can use the Cloud Agent log file to monitor agent activity. You will find the log file 
for a Unix host in the /var/log/qualys directory. 


7. From a Terminal window, execute the following command: 


sudo cat /var/log/qualys/qualys-cloud-agent.log 


CA Log Analysis & Troubleshooting 


Visit the Qualys Training Video Library for more information and details on agent log 
analysis and troubleshooting: 


=  |ntroduction to Troubleshooting & Log Analysis (https://vimeo.com/412764672) 
= Troubleshooting & Log Analysis - Common Errors (https://vimeo.com/412762742) 
= Troubleshooting & Log Analysis — Unix/Linux Distribution (https://vimeo.com/418215691) 


= Соттоп Errors and Their Solutions — Unix/Linux Distribution (https://vimeo.com/418218290) 
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Appendix С: Debian/Ubuntu Agent 
Installation 


You must have root or root-equivalent access to the target host, to successfully perform 
the Cloud Agent installation steps that follow. 


1. From the Cloud Agent (CA) application, navigate to the “Agent Management” 
section, and click the “Activation Keys” tab. 


2. Use the “Quick Actions” menu of your activation key to select the “Install 
Agent” option. 


3. Click the "Install instructions" button next to the © “Linux (.deb)” option. 


Install Agents 


You are ready to install the agent. 


Current agent version: 2.1.0.91 
Hash-SHA-256 : 3979670e28b702242017a3ed362c9d9af224459dfabcb2de8ec8d3a1ed785936 


Linux (.deb) Installation Requirements 


* Click here for the list of supported operation system versions. 


* Your host must be able to reach the Qualys Cloud Platform or the Qualys Private Cloud 
Platform over HTTPS port 443. 


• To install the agent you must have 1) root privileges, 2) non-root with Sudo root delegation, or 
3) non-root with sufficient privileges (VM only). 


* Do you have a proxy? Learn more 
Steps to Install the Linux Agent 


Download the agent installer (file size 3.5 MB) 
File will be saved to your downloads area, as defined by your local system. 


Copy qualys-cloud-agent-2.1.0.91.deb to the host you want to monitor and run commands. 
Click here to troubleshoot. 
Press CTRL-C to 


Copy and paste this command for installation (sudo access required): 


sudo dpkg --install qualys-cloud-agent-2.1.0.91.deb 

sudo /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh 
ActivationId=e2bce151-4a3f-4012-b27e-3d156d4ed8ba 
CustomerId=b48c8fb6-6b92-d0c7-804e-1e20felafiea 


4. Copy and paste the installation command into a plain text document. 


5. Click the “Download. deb file” button and save the Cloud Agent installation 
file. 
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Command Line Installation 


Although this lab uses a simple ‘command line’ technique to install Cloud Agent, other 
techniques and/or third-party applications can be leveraged to automate your Cloud 
Agent deployment. 


1. Open a "Terminal" window on the target Unix host. 


2. Navigate to the directory that contains the Cloud Agent installation file (.deb). 


ubuntu@ec2-ubu1604:-$ 1$ -la 

total 4000 

drwxr-xr-x 4 ubuntu ubuntu 4096 Aug 29 15:12 . 

drwxr-xr-x 5 root root 4096 Aug 9 14:40 .. 

-хи------- 1 ubuntu ubuntu 2801 Aug 29 15:17 .bash_history 

-rw-r--r-- 1 ubuntu ubuntu 220 Aug 31 2015 .bash logout 

-rw-r--r-- 1 ubuntu ubuntu 3771 Aug 31 2015 .bashrc 

(drwx------ 2 ubuntu ubuntu 4096 Aug 7 21:39 .cache 

-rw-r--r-- 1 ubuntu ubuntu 655 May 16 2017 .profile 

-rw-r--r-- 1 ubuntu ubuntu 4058210 Aug — qualys-cloud-agent-2.0.2.79.deb 
[drwx------ 2 ubuntu ubuntu 4096 Aug 7 21728 .ssh 

-rw-r--r-- 1 ubuntu ubuntu 0 Aug 7 21:41 .sudo as admin successful 
mxW--e-——-— 1 root root 2935 Aug 29 15:12 .viminfo 
ubuntu&ec2-ubul604:-$ B 


3. Use the "Is" command to verify the existence of the installation file. 


If you do not see file "qualys-cloud-agent x86 64.deb" navigate to its correct 
location before executing the installation command. 


4. Copyand paste the installation command into the "Terminal" window and 
press the "Enter" key. 


The first part of the command unpacks and installs the Cloud Agent package. 


The second part of the command runs a shell script that that restarts the Cloud 
Agent service and activates your license key. 


Validate CA Installation 


To verify the success of your "command line" installation, look for the Cloud Agent 
process. 


tty7 00:00:00 Xorg 
? 


Type “ps -e” from the command line. 


00:00:00 bash 

00:00:00 qualys-cloud-ag «jm 
00:00:00 ps 

00:00:14 java 

00:00:00 httpd 


5. Use the "ps" command, to verify ‘qualys-cloud-ag’ is running. 


ps -e | grep qualys 
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Locate Host ID 


All agent host assets are automatically assigned a Universally Unique ID (UUID) by 
Qualys. For a Unix host, this Host ID can be found at /etc/qualys/hostid. 


6. From a Terminal window, execute the following command: 
sudo cat /etc/qualys/hostid 


If the HostID is not displayed, your newly installed 
agent may still be completing some preliminary tasks 
within its manifest. 


Locate CA Log File (qualys-cloud-agent.log) 


You can use the Cloud Agent log file to monitor agent activity. You will find the log file 
for a Unix host in the /var/log/qualys directory. 


7. From a Terminal window, execute the following command: 


sudo cat /var/log/qualys/qualys-cloud-agent.log 


CA Log Analysis & Troubleshooting 


Visit the Qualys Training Video Library for more information and details on agent log 
analysis and troubleshooting: 


=  |ntroduction to Troubleshooting & Log Analysis (https://vimeo.com/412764672) 
= Troubleshooting & Log Analysis - Common Errors (https://vimeo.com/412762742) 
= Troubleshooting & Log Analysis — Unix/Linux Distribution (https://vimeo.com/418215691) 


" Common Errors and Their Solutions — Unix/Linux Distribution (https://vimeo.com/418218290) 
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Appendix D: Qualys Technical Support 


When contacting Qualys Technical Support to report observed agent issues or errors, you may be 
asked to provide the following information: 


Windows Host 


1. Make a copy of the following folder and all of its subfolders: 
\ProgramData\Qualys\QualysAgent\ 


2. Use Windows Explorer or your favorite archive utility to move the contents of this folder into a 
single compressed (.zip) file. 


Linux/Unix/Mac Host 


1. Маке a copy of the following directory and all of its subdirectories: 
/var/log/qualys/ 


2. Use an archive utility to move the contents of this directory into a single compressed or tarball 
file. 


Other Helpful Information 


When possible, provide other log files (from other applications and services running on the suspect 
agent host) that correlate to the events recorded within the agent log file. This type of information is 
especially useful for identifying potential conflicts between Cloud Agent and other applications or 
services. 
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